wp-plugin : microaudio

Plugin Details
Plugin Name: wp-plugin : microaudio
Affected Version : 0.6.2 (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/plugins/microaudio/mediaplayer.swf?file=http://seclists.org/images/sitelogo.png
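
A log check for defenders, added here as an example and not part of the original advisory: it scans web-server access logs for requests shaped like the PoC above, where the `file` parameter of the bundled `mediaplayer.swf` names a host other than the site's own. The function names, the `site_hosts` parameter, the host `blog.example.org` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the bundled player, taken from the PoC URL in this advisory.
SWF_SUFFIX = "/wp-content/plugins/microaudio/mediaplayer.swf"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def _host(url):
    try:
        # hostname is set for absolute (http://h/) and scheme-relative (//h/) URLs
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:  # malformed authority such as "http://[x"
        return "?"      # unparseable: report it rather than skip it

def find_offsite_file_requests(lines, site_hosts):
    """Return (ip, timestamp, file_value) for each request to the microaudio
    SWF whose `file` parameter names a host that is not in site_hosts."""
    allowed = {h.lower() for h in site_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common/combined format line
        ip, ts, raw_target = m.groups()
        path, _, query = raw_target.partition("?")
        if not path.lower().endswith(SWF_SUFFIX):
            continue
        # parse_qs percent-decodes, so http%3A%2F%2F... is caught as well
        for value in parse_qs(query).get("file", []):
            host = _host(value)
            if host and host not in allowed:
                hits.append((ip, ts, value))
    return hits

# Constructed sample lines; blog.example.org stands in for the site's own host.
PLAYER = "/wordpress/wp-content/plugins/microaudio/mediaplayer.swf"
SAMPLE_LOG = [
    f'203.0.113.7 - - [25/May/2014:10:01:02 +0000] "GET {PLAYER}?file=http://seclists.org/images/sitelogo.png HTTP/1.1" 200 4521',
    f'198.51.100.4 - - [25/May/2014:10:02:10 +0000] "GET {PLAYER}?file=/wordpress/wp-content/uploads/song.mp3 HTTP/1.1" 200 4521',
    f'198.51.100.9 - - [25/May/2014:10:03:44 +0000] "GET {PLAYER}?file=%2F%2Fmedia.example.net%2Fa.mp3 HTTP/1.1" 200 4521',
    f'198.51.100.4 - - [25/May/2014:10:04:05 +0000] "GET {PLAYER}?file=http://blog.example.org/uploads/a.mp3 HTTP/1.1" 200 4521',
    '198.51.100.4 - - [25/May/2014:10:04:09 +0000] "GET /index.php HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for ip, ts, value in find_offsite_file_requests(SAMPLE_LOG, {"blog.example.org"}):
        print(f"{ts} {ip} file={value}")
```

Relative paths and URLs on the site's own host are not reported, so the output is limited to requests that point the player at third-party content.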


Disclosure Timeline
Vendor Contacted : 2013-12-15
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
µAudio is a slim (450 Bytes!), fast plugin to create a flash mp3 player when mp3 links are clicked. In order to reduce clutter and file transfer, the links are unmodified until they are clicked, at which point a div with the player is faded in after the link. A second click on the link fades the player back out. µAudio also contains an 'autoconfig' feature which automatically examines the site CSS and attempts to pick colors for the various flash player elements based on the CSS values. This may not provide a "good" look in every situation, but should integrate well with most themes. In order to provide more fine grained control, you can also write custom css to specifically skin any aspect of the player which the autoconfig does not skin to your satisfaction. In order to help keep file loads down, the basic javascript is extremely small*. In addition, every effort has been made to use the smallest player possible and generally keep the plugin as small and light as possible. *µAudio does rely upon jQuery, however, the packed jQuery is quite lite, and many other plugins use it as well, making the total burden quite small. All data sizes assume that a jQuery has already been loaded.